Problems with get_group_alias_entries

[Kai Krueger]

I've noticed two problems with enumerating aliases in srv_samr_nt.c.

The first problem is, that local unix groups only appear as aliases in win2k user manager 
if I have a debug level bigger than 2. I assume this is not a feature ?!? ;-)
The problem seams to be that the smb.conf parameter "winbind gid" is not properly
initialised if not specified in smb.conf. Therefore the variables winbind_gid_low and
winbind_gid_high contain nonsense values that even seam to be dependant on "log level"
causing "if ((grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high))"
not to function correctly. Is it possible to give the parameter default values?


The second problem is that enumeration of aliases in the builtin domain returns all
aliases that are in the mapping tdb. So local groups that are explicitly mapped, for
example to change the comment to something other than "Local unix group", turn up
in both the builtin domain and the normal domain. This especially causes problems in
user manager as that enumerates the domain aliases first and then the builtin aliases.
As both versions of the local group have the same name and rid, user manager
only displays the one in the builtin domain which shouldn't be there in the first place
covering up the correct, mapped alias in the normal domain.

This can be stopped by simply checking the sid instead of just returning the rid, but
IMHO there are some confusions between, the mapping, well-known aliases in the
builtin domain and the local groups so some more changes would be sensible. 

Do all local groups really have to be returned or wouldn't it be enough if only the
mapped groups are returned? I think that it doesn't make much sense returning all 
local (system) unix groups as they don't have much to do with NT. Apart from that
the enumeration code would be simpler if not all local groups would be returned.
Do other people see this similar, or is this a needed feature?


Kai